source: branches/branch-1_7/upload.php @ 1979

Last change on this file since 1979 was 1915, checked in by rub, 18 years ago

Add the last (before 1.8) tabsheet on administration menu (Waiting elements).
Small change to the way the mail function works.

  • Property svn:eol-style set to LF
  • Property svn:keywords set to Author Date Id Revision
1<?php
2// +-----------------------------------------------------------------------+
3// | PhpWebGallery - a PHP based picture gallery                           |
4// | Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net |
5// | Copyright (C) 2003-2007 PhpWebGallery Team - http://phpwebgallery.net |
6// +-----------------------------------------------------------------------+
7// | file          : $Id: upload.php 1915 2007-03-16 18:49:19Z rub $
8// | last update   : $Date: 2007-03-16 18:49:19 +0000 (Fri, 16 Mar 2007) $
9// | last modifier : $Author: rub $
10// | revision      : $Revision: 1915 $
11// +-----------------------------------------------------------------------+
12// | This program is free software; you can redistribute it and/or modify  |
13// | it under the terms of the GNU General Public License as published by  |
14// | the Free Software Foundation                                          |
15// |                                                                       |
16// | This program is distributed in the hope that it will be useful, but   |
17// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
18// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
19// | General Public License for more details.                              |
20// |                                                                       |
21// | You should have received a copy of the GNU General Public License     |
22// | along with this program; if not, write to the Free Software           |
23// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
24// | USA.                                                                  |
25// +-----------------------------------------------------------------------+
define('PHPWG_ROOT_PATH', './');
include_once( PHPWG_ROOT_PATH.'include/common.inc.php' );

check_status(ACCESS_GUEST);

// Values used to pre-fill the upload form: the submitted POST value when there
// is one, otherwise the current user's identity (for username and mail
// address, presumably populated by common.inc.php) or an empty string.
// empty() is used on purpose, so a submitted '0' counts as "not provided".
$username = empty($_POST['username']) ? $user['username'] : $_POST['username'];
// the @ covers a $user record without a mail_address key (guest account)
$mail_address = empty($_POST['mail_address']) ? @$user['mail_address'] : $_POST['mail_address'];
$name = empty($_POST['name']) ? '' : $_POST['name'];
$author = empty($_POST['author']) ? '' : $_POST['author'];
$date_creation = empty($_POST['date_creation']) ? '' : $_POST['date_creation'];
$comment = empty($_POST['comment']) ? '' : $_POST['comment'];
37
38//------------------------------------------------------------------- functions
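// validate_upload checks that the file sent in $_FILES['picture'] is an
// acceptable picture and, when it is, moves it to $temp_name.
// A picture is valid when :
//     - its extension is one of $conf['picture_ext']
//     - its size in bytes is not above $my_max_file_size (given in KB)
//     - its width and height are not above $image_max_width and
//       $image_max_height ('' or unset means "no limit")
//     - its real content, as reported by getimagesize(), is GIF, JPEG or PNG
// Parameters :
//     $temp_name        destination path the uploaded file is moved to
//     $my_max_file_size maximum file size, in KB
//     $image_max_width  maximum width in pixels, or '' / unset for no limit
//     $image_max_height maximum height in pixels, or '' / unset for no limit
// The function returns an array containing :
//     - $result['type'] the detected type ('jpg', 'gif' or 'png'); only set
//       when the file was moved and its content recognised
//     - $result['error'] an array with the different errors found with the
//       picture (empty when the picture is valid)
// Side effects : on success the moved file is chmod'ed to 0644, on any error
// the file at $temp_name is removed (if it exists). pwg_log() is called on
// every path, so a rejected upload is logged like an accepted one.
// Note : the extension taken from the client name and the type detected from
// the content are not cross-checked; a ".jpg" holding PNG data is accepted
// and reported as 'png'.
function validate_upload( $temp_name, $my_max_file_size,
                          $image_max_width, $image_max_height )
{
  global $conf;

  $result = array();
  $result['error'] = array();

  // do we even have a file? This has to be the first access to
  // $_FILES['picture'], otherwise the extension lookup reads an undefined index
  if ( !isset( $_FILES['picture'] ) )
  {
    array_push( $result['error'], "You did not upload anything!" );
  }
  // the extension comes from the client-supplied name: it is only a first
  // filter, the real content is checked with getimagesize() below
  else if ( !in_array( get_extension( $_FILES['picture']['name'] ),
                       $conf['picture_ext'], true ) )
  {
    array_push( $result['error'], l10n('upload_advise_filetype') );
  }
  else if ( $_FILES['picture']['size'] > $my_max_file_size * 1024 )
  {
    array_push( $result['error'],
                l10n('upload_advise_filesize').$my_max_file_size.' KB' );
  }
  // move_uploaded_file() also guarantees that the source really is a file
  // received through the current request
  else if ( !move_uploaded_file( $_FILES['picture']['tmp_name'], $temp_name ) )
  {
    array_push( $result['error'], l10n('upload_cannot_upload') );
  }
  else
  {
    // getimagesize() returns false when the content is not a known image,
    // whatever the extension claims; indexing false would hide that
    $size = getimagesize( $temp_name );
    if ( $size === false )
    {
      array_push( $result['error'], l10n('upload_advise_filetype') );
    }
    else
    {
      if ( isset( $image_max_width )
           and $image_max_width != ""
           and $size[0] > $image_max_width )
      {
        array_push( $result['error'],
                    l10n('upload_advise_width').$image_max_width.' px' );
      }
      if ( isset( $image_max_height )
           and $image_max_height != ""
           and $size[1] > $image_max_height )
      {
        array_push( $result['error'],
                    l10n('upload_advise_height').$image_max_height.' px' );
      }
      // $size[2] is the IMAGETYPE_* constant of the detected format
      switch ( $size[2] )
      {
        case IMAGETYPE_GIF  : $result['type'] = 'gif'; break;
        case IMAGETYPE_JPEG : $result['type'] = 'jpg'; break;
        case IMAGETYPE_PNG  : $result['type'] = 'png'; break;
        default :
          array_push( $result['error'], l10n('upload_advise_filetype') );
      }
    }
  }

  if ( sizeof( $result['error'] ) > 0 )
  {
    // remove the file stored under the temporary name; it may not exist when
    // the error happened before the move, hence the @
    @unlink( $temp_name );
  }
  else
  {
    @chmod( $temp_name, 0644);
  }

  //------------------------------------------------------------ log informations
  pwg_log();

  return $result;
}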
125
126//-------------------------------------------------- access authorization check
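// the target category comes from the URL; only a plain integer id is accepted
// and it is stored as an int, since it is later concatenated into SQL and into
// the form action URL without further quoting
if (isset($_GET['cat']) and preg_match('/^[0-9]+$/', $_GET['cat']))
{
  $page['category'] = (int)$_GET['cat'];
}

if (isset($page['category']))
{
  // presumably checks the current user's access to the category before
  // anything is done with it
  check_restrictions( $page['category'] );
  $category = get_cat_info( $page['category'] );
  $category['cat_dir'] = get_complete_dir( $page['category'] );

  // uploads are only possible into a local directory flagged as uploadable
  if (url_is_remote($category['cat_dir']) or !$category['uploadable'])
  {
    die('Fatal: you take a wrong way, bye bye');
  }
}

$error = array();
$page['upload_successful'] = false;
// waiting_id designates the WAITING_TABLE row a thumbnail is uploaded for; it
// is used in SQL and echoed back in the form action URL, so it is kept numeric
if ( isset( $_GET['waiting_id'] ) )
{
  $page['waiting_id'] = (int)$_GET['waiting_id'];
}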
150//-------------------------------------------------------------- picture upload
151// verfying fields
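if ( isset( $_POST['submit'] ) and !isset( $_GET['waiting_id'] ) )
{
  // The file name is client-supplied and ends up in a filesystem path and in
  // an SQL statement: only plain names made of letters, digits, '_', '.' and
  // '-' are accepted. The '-' is kept last in the class: written "0-9-_" it
  // is read as the range '9'..'_' and lets ':;<=>?@[\]^' through.
  if ( empty($_FILES['picture']['name']) )
  {
    array_push( $error, l10n('upload_filenotfound') );
  }
  else if ( !preg_match( '/^[a-zA-Z0-9_.-]+$/', $_FILES['picture']['name'] ) )
  {
    array_push( $error, l10n('update_wrong_dirname') );
  }
  else
  {
    // the path is only built from a name that passed the check above
    $path = $category['cat_dir'].$_FILES['picture']['name'];
    if ( is_file( $path ) )
    {
      array_push( $error, l10n('upload_file_exists') );
    }
  }

  // the address is stored and used to contact the uploader: the whole value
  // has to be an address. The previous ereg() call was unanchored (any
  // substring looking like an address was enough) and ereg() no longer
  // exists in PHP 7.
  if ( !isset( $_POST['mail_address'] )
       or !preg_match( '/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)+$/i',
                       $_POST['mail_address'] ) )
  {
    array_push( $error, l10n('reg_err_mail_address') );
  }
  if ( empty($_POST['username']) )
  {
    array_push( $error, l10n('upload_err_username') );
  }

  // date_creation is typed as dd/mm/yyyy and stored as yyyy-mm-dd; the three
  // parts must be digit strings before checkdate() sees them (it wants ints)
  $date_creation = '';
  if ( !empty($_POST['date_creation']) )
  {
    $parts = explode( '/', $_POST['date_creation'] );
    if ( count( $parts ) == 3
         and ctype_digit( $parts[0] )
         and ctype_digit( $parts[1] )
         and ctype_digit( $parts[2] )
         // int checkdate ( int month, int day, int year)
         and checkdate( (int)$parts[1], (int)$parts[0], (int)$parts[2] ) )
    {
      list( $day, $month, $year ) = $parts;
      $date_creation = $year.'-'.$month.'-'.$day;
    }
    else
    {
      array_push( $error, l10n('err_date') );
    }
  }

  // creation of the "infos" field :
  // <infos author="Pierrick LE GALL" comment="my comment"
  //        date_creation="2004-08-14" name="" />
  // $author, $comment and $name are the POST values read at the top of the
  // file ('' when absent); encodeAttribute() is expected to make them safe
  // for an XML attribute
  $xml_infos = '<infos';
  $xml_infos.= encodeAttribute('author', $author);
  $xml_infos.= encodeAttribute('comment', $comment);
  $xml_infos.= encodeAttribute('date_creation', $date_creation);
  $xml_infos.= encodeAttribute('name', $name);
  $xml_infos.= ' />';

  if ( sizeof( $error ) == 0 )
  {
    $result = validate_upload( $path, $conf['upload_maxfilesize'],
                               $conf['upload_maxwidth'],
                               $conf['upload_maxheight']  );
    $error = array_merge( $error, $result['error'] );
  }

  if ( sizeof( $error ) == 0 )
  {
    // every client-supplied value is escaped for the SQL string context, even
    // the ones validated above (file name, mail address); the category id is
    // an unquoted integer
    $query = 'insert into '.WAITING_TABLE;
    $query.= ' (storage_category_id,file,username,mail_address,date,infos)';
    $query.= ' values ';
    $query.= '('.(int)$page['category'];
    $query.= ",'".mysql_real_escape_string( $_FILES['picture']['name'] )."'";
    // the username is stored HTML-encoded, as it always was
    $query.= ",'".mysql_real_escape_string(
                    htmlspecialchars( $_POST['username'], ENT_QUOTES ) )."'";
    $query.= ",'".mysql_real_escape_string( $_POST['mail_address'] )."'";
    $query.= ','.time();
    $query.= ",'".mysql_real_escape_string( $xml_infos )."'";
    $query.= ');';
    pwg_query( $query );
    $page['waiting_id'] = mysql_insert_id();

    if ($conf['email_admin_on_picture_uploaded'])
    {
      include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');

      $waiting_url = get_absolute_root_url().'admin.php?page=upload';

      $keyargs_content = array
      (
        get_l10n_args('Category: %s', get_cat_display_name($category['upper_names'], null, false)),
        get_l10n_args('Picture name: %s', $_FILES['picture']['name']),
        get_l10n_args('User: %s', $_POST['username']),
        get_l10n_args('Email: %s', $_POST['mail_address']),
        get_l10n_args('Picture name: %s', $name),
        get_l10n_args('Author: %s', $author),
        get_l10n_args('Creation date: %s', $date_creation),
        get_l10n_args('Comment: %s', $comment),
        get_l10n_args('', ''),
        get_l10n_args('Waiting page: %s', $waiting_url)
      );

      pwg_mail_notification_admins
      (
        get_l10n_args('Picture uploaded by %s', $_POST['username']),
        $keyargs_content
      );
    }
  }
}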
254
255//------------------------------------------------------------ thumbnail upload
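if ( isset( $_POST['submit'] ) and isset( $_GET['waiting_id'] ) )
{
  // upload of the thumbnail of the picture waiting under $_GET['waiting_id'];
  // the id is cast to int because it is concatenated into two SQL statements
  $waiting_id = (int)$_GET['waiting_id'];

  $query = 'select file';
  $query.= ' from '.WAITING_TABLE;
  $query.= ' where id = '.$waiting_id;
  $query.= ';';
  $row = mysql_fetch_array( pwg_query( $query ) );
  if ( $row === false )
  {
    // no waiting picture with this id: nothing to attach a thumbnail to (the
    // existing "cannot upload" message is reused; a dedicated one would be
    // clearer)
    array_push( $error, l10n('upload_cannot_upload') );
  }
  else
  {
    // base name of the picture, without its extension; a name without a dot is
    // kept whole (substr() with a false length used to give an empty name)
    $dot = strrpos( $row['file'], '.' );
    $file = ( $dot === false ) ? $row['file'] : substr( $row['file'], 0, $dot );
    $extension = get_extension( $_FILES['picture']['name'] );

    // mkget_thumbnail_dir() presumably reports its own failure through $error
    $path = mkget_thumbnail_dir( $category['cat_dir'], $error );
    if ( $path != false )
    {
      $path.= '/'.$conf['prefix_thumbnail'].$file.'.'.$extension;
      $result = validate_upload( $path, $conf['upload_maxfilesize'],
                                 $conf['upload_maxwidth_thumbnail'],
                                 $conf['upload_maxheight_thumbnail']  );
      $error = array_merge( $error, $result['error'] );

      // the row is only updated when the thumbnail was actually validated and
      // stored; $extension passed the $conf['picture_ext'] check inside
      // validate_upload() but still originates from the client file name
      if ( sizeof( $error ) == 0 )
      {
        $query = 'update '.WAITING_TABLE;
        $query.= " set tn_ext = '".mysql_real_escape_string( $extension )."'";
        $query.= ' where id = '.$waiting_id;
        $query.= ';';
        pwg_query( $query );
        $page['upload_successful'] = true;
      }
    }
  }
}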
290
291//
292// Start output of page
293//
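$title= l10n('upload_title');
$page['body_id'] = 'theUploadPage';
include(PHPWG_ROOT_PATH.'include/page_header.php');
$template->set_filenames(array('upload'=>'upload.tpl'));

// form action: this page again, plus the waiting id while the thumbnail step
// is in progress. The id is cast to int because it came from the URL or from
// the database and is written into an HTML attribute.
$u_form = PHPWG_ROOT_PATH.'upload.php?cat='.$page['category'];
if ( isset( $page['waiting_id'] ) )
{
  $u_form.= '&amp;waiting_id='.(int)$page['waiting_id'];
}

if ( isset( $page['waiting_id'] ) )
{
  // the picture name is raw client input that is not checked on the thumbnail
  // step; it is also absent when the thumbnail form is displayed before any
  // POST, which used to raise an undefined index notice
  $picture_name = isset( $_FILES['picture']['name'] )
                  ? $_FILES['picture']['name'] : '';
  $advise_title = l10n('upload_advise_thumbnail');
  $advise_title.= htmlspecialchars( $picture_name, ENT_QUOTES );
}
else
{
  $advise_title = l10n('upload_advise');
  $advise_title.= get_cat_display_name($category['upper_names']);
}

// NOTE(review): upload.tpl is not part of this file. The prefilled values
// below are raw client input (POST) and are escaped here for the HTML
// attribute context; if the template already escapes its variables this is
// redundant and should be removed to avoid double encoding.
$template->assign_vars(
  array(
    'U_HOME' => make_index_url(),

    'ADVISE_TITLE' => $advise_title,
    'NAME' => htmlspecialchars( $username, ENT_QUOTES ),
    'EMAIL' => htmlspecialchars( $mail_address, ENT_QUOTES ),
    'NAME_IMG' => htmlspecialchars( $name, ENT_QUOTES ),
    'AUTHOR_IMG' => htmlspecialchars( $author, ENT_QUOTES ),
    'DATE_IMG' => htmlspecialchars( $date_creation, ENT_QUOTES ),
    'COMMENT_IMG' => htmlspecialchars( $comment, ENT_QUOTES ),

    'F_ACTION' => $u_form,

    'U_RETURN' => make_index_url(array('category' => $category)),
    )
  );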
332 
if ( !$page['upload_successful'] )
{
  $template->assign_block_vars('upload_not_successful',array());

  //------------------------------------------------------------ errors display
  if ( sizeof( $error ) != 0 )
  {
    $template->assign_block_vars('upload_not_successful.errors',array());
    foreach ( $error as $message )
    {
      $template->assign_block_vars('upload_not_successful.errors.error',
                                   array('ERROR'=>$message));
    }
  }

  //------------------------------------------------------------------- advises
  // limits reminded to the user: the file size (when configured), then the
  // width and height limits of the thumbnail or of the picture depending on
  // the current step, and finally the accepted file types
  $advises = array();
  if ( !empty($conf['upload_maxfilesize']) )
  {
    $advises[] = l10n('upload_advise_filesize').$conf['upload_maxfilesize'].' KB';
  }
  $limit_suffix = isset( $page['waiting_id'] ) ? '_thumbnail' : '';
  $max_width = $conf['upload_maxwidth'.$limit_suffix];
  $max_height = $conf['upload_maxheight'.$limit_suffix];
  if ( $max_width != '' )
  {
    $advises[] = l10n('upload_advise_width').$max_width.' px';
  }
  if ( $max_height != '' )
  {
    $advises[] = l10n('upload_advise_height').$max_height.' px';
  }
  $advises[] = l10n('upload_advise_filetype');
  foreach ( $advises as $advise )
  {
    $template->assign_block_vars('upload_not_successful.advise',
                                 array('ADVISE'=>$advise));
  }

  //----------------------------------------- optionnal username and mail address
  // the identity fields are only shown on the first step (picture upload)
  if ( !isset( $page['waiting_id'] ) )
  {
    $template->assign_block_vars('upload_not_successful.fields',array());
    $template->assign_block_vars('note',array());
  }
}
else
{
  $template->assign_block_vars('upload_successful',array());
}

//----------------------------------------------------------- html code display
$template->parse('upload');
include PHPWG_ROOT_PATH.'include/page_tail.php';
401?>